Manage the Authentication Service Add-on
Applies to Alation Cloud Service instances of Alation
Important
You are viewing documentation for Classic Alation.
This topic describes how to install, upgrade, monitor, and uninstall the Authentication Service add-on for the Alation Agent.
Install the Authentication Service Add-on
You can install the latest Authentication Service add-on from Alation Cloud Service, or you can install it manually from the Agent machine.
Prerequisites
To use the Authentication Service add-on, you must meet the following requirements:
To access AWS Secrets Manager using an IAM instance profile:
You must be on Alation Cloud Service version 2024.1.4 or later.
Your Alation Agent must be installed on an Amazon EC2 instance.
You must be using Alation Agent version 1.7.2.4360 or later.
You must install Authentication Service Add-on version 5.14.0.1882 or later on the Alation Agent.
To access AWS Secrets Manager using an IAM user’s credentials:
You must be on Alation Cloud Service version 2024.1.5 or later.
You must be using Alation Agent version 1.7.2.4360 or later.
You must install Authentication Service Add-on version 5.14.0.1968 or later on the Alation Agent.
To access HashiCorp Vault:
You must be on Alation version 2025.1.1 or later.
If you’re connecting to your data source through an Alation Agent, you must be using Alation Agent version 1.8.10.5154 or later.
If you’re connecting to your data source through an Alation Agent, you must install Authentication Service Add-on version 5.14.0.2303 or later on the Alation Agent.
You must have a supporting OCF connector installed on the Agent. To find out if a specific connector supports this feature, see the documentation for the specific connector in the Open Connector Framework (OCF) Overview section.
Note
You can use the Native Data Sources API to migrate a data source from an OCF connector that’s not on an Alation Agent to an OCF connector that is on an Alation Agent.
Install the Authentication Service Add-on from Alation Cloud Service
To install the Authentication Service add-on from Alation Cloud Service:
Click on the Settings icon in the top right corner.
Under the Server Admin section, click Manage Connectors. Then click the Agents tab. The Agents Dashboard appears.
To the right of the Agent name, click the Actions button, then select Install Auth Service. If the option doesn’t appear, that means the add-on is already installed.
In the confirmation dialog that appears, click the Install button. When the installation is complete, a success message will appear.
Install the Authentication Service from the Agent
To install (or update) the Authentication Service add-on manually on an Alation Agent:
Use the Alation Agent API to download the latest version of the Authentication Service add-on. See the Alation Agent API for more information. As an example, you can get the latest version of the add-on by running the following command:
curl --request GET \
  --url https://{YOUR_ALATION_URL}/integration/v1/agent/addons/auth/latest \
  --header 'TOKEN: {YOUR_API_TOKEN}' \
  --header 'accept: application/gzip' \
  --output auth.tar.gz
If needed, transfer the downloaded file to the Agent’s host machine. For example, if you downloaded the plugin file to a Unix-based machine, you could transfer the file using the scp command in Terminal:
scp /local/path/to/auth.tar.gz <ssh-user>@<server-address>:/remote/path/to/agent
Install or update the plugin. To install the plugin from scratch, use this command:
sudo kratos addons install auth ./auth.tar.gz
To update the plugin, use this command:
sudo kratos addons update auth ./auth.tar.gz
Restart the Agent:
sudo systemctl restart hydra
Check that the plugin is running. It may take about two minutes for the plugin to start up.
sudo docker ps
In the output of this command, you should see auth listed under IMAGE, and under STATUS it should indicate that the plugin is Up. For example:
CONTAINER ID   IMAGE                 COMMAND                  CREATED          STATUS                             PORTS                                           NAMES
00d929b2582b   auth                  "java -Dlog4j.config…"   11 seconds ago   Up 10 seconds                      0.0.0.0:11001->11001/tcp, :::11001->11001/tcp   auth
f80e23b27e2a   application_gateway   "/opt/cag"               11 seconds ago   Up 10 seconds (health: starting)                                                   cag
c8c16128644e   proxy                 "/opt/reverseProxy"      12 seconds ago   Up 11 seconds (health: starting)                                                   proxy
8c3d5cfeb3fd   connector_21          "/opt/entrypoint.sh …"   12 seconds ago   Up 12 seconds (health: starting)   127.0.0.1:10021->10021/tcp                      connector21
c8814bcadc3c   agent                 "/opt/agent"             13 seconds ago   Up 12 seconds (health: starting)   127.0.0.1:8080->8080/tcp                        agent
The Authentication Service add-on has now been installed. To troubleshoot the Agent or Authentication Service add-on, see Troubleshoot the Agent.
Upgrade the Authentication Service Add-on
You can upgrade to the latest Authentication Service add-on from Alation Cloud Service, or you can upgrade it manually from the Agent machine.
Upgrade the Authentication Service Add-on from Alation Cloud Service
Upgrading the Authentication Service add-on from Alation Cloud Service always uses the latest version of the add-on.
To check which version is currently installed:
Click on the Settings icon in the top right corner.
Under the Server Admin section, click Manage Connectors. Then click the Agents tab. The Agents Dashboard appears.
Click on the name of the Agent. The Agent detail view appears. Under Authentication Service, the version number is displayed. If a newer version is available, Upgrade Available appears next to the version number.
To upgrade the Authentication Service add-on from Alation Cloud Service:
Click on the Settings icon in the top right corner.
Under the Server Admin section, click Manage Connectors. Then click the Agents tab. The Agents Dashboard appears.
To the right of the Agent name, click the Actions button, then select Upgrade Auth Service. If the option is disabled, that means the latest version is already installed.
In the confirmation dialog that appears, click the Upgrade button. When the upgrade is complete, a success message will appear.
Upgrade the Authentication Service from the Agent
To install (or update) the Authentication Service add-on manually on an Alation Agent:
Use the Alation Agent API to download the latest version of the Authentication Service add-on. See the Alation Agent API for more information. As an example, you can get the latest version of the add-on by running the following command:
curl --request GET \
  --url https://{YOUR_ALATION_URL}/integration/v1/agent/addons/auth/latest \
  --header 'TOKEN: {YOUR_API_TOKEN}' \
  --header 'accept: application/gzip' \
  --output auth.tar.gz
If needed, transfer the downloaded file to the Agent’s host machine. For example, if you downloaded the plugin file to a Unix-based machine, you could transfer the file using the scp command in Terminal:
scp /local/path/to/auth.tar.gz <ssh-user>@<server-address>:/remote/path/to/agent
Install or update the plugin. To install the plugin from scratch, use this command:
sudo kratos addons install auth ./auth.tar.gz
To update the plugin, use this command:
sudo kratos addons update auth ./auth.tar.gz
Restart the Agent:
sudo systemctl restart hydra
Check that the plugin is running. It may take about two minutes for the plugin to start up.
sudo docker ps
In the output of this command, you should see auth listed under IMAGE, and under STATUS it should indicate that the plugin is Up. For example:
CONTAINER ID   IMAGE                 COMMAND                  CREATED          STATUS                             PORTS                                           NAMES
00d929b2582b   auth                  "java -Dlog4j.config…"   11 seconds ago   Up 10 seconds                      0.0.0.0:11001->11001/tcp, :::11001->11001/tcp   auth
f80e23b27e2a   application_gateway   "/opt/cag"               11 seconds ago   Up 10 seconds (health: starting)                                                   cag
c8c16128644e   proxy                 "/opt/reverseProxy"      12 seconds ago   Up 11 seconds (health: starting)                                                   proxy
8c3d5cfeb3fd   connector_21          "/opt/entrypoint.sh …"   12 seconds ago   Up 12 seconds (health: starting)   127.0.0.1:10021->10021/tcp                      connector21
c8814bcadc3c   agent                 "/opt/agent"             13 seconds ago   Up 12 seconds (health: starting)   127.0.0.1:8080->8080/tcp                        agent
The Authentication Service add-on has now been installed. To troubleshoot the Agent or Authentication Service add-on, see Troubleshoot the Agent.
Uninstall the Authentication Service Add-on
To uninstall the Authentication Service add-on:
Click on the Settings icon in the top right corner.
Under the Server Admin section, click Manage Connectors. Then click the Agents tab. The Agents Dashboard appears.
To the right of the Agent name, click the Actions button, then select Remove Auth Service. If the option doesn’t appear, that means the add-on isn’t installed.
In the confirmation dialog that appears, click the Continue Removal button. When the removal is complete, a success message will appear.
Check the Authentication Service Add-on’s Status
To check the status from Alation Cloud Service:
Click on the Settings icon in the top right corner.
Under the Server Admin section, click Manage Connectors. Then click the Agents tab. The Agents Dashboard appears.
Click on the name of the Agent. The Agent detail view appears. Under Authentication Service, the status is displayed. The status can be one of the following:
Connected—Indicates that Authentication Service is up and running
Disconnected—Indicates that Authentication Service is installed but not running
Unknown—Indicates that we are unable to fetch the Authentication Service status
To check the status from the Agent machine:
Log into the machine where the Alation Agent is running.
Run the following command:
sudo docker ps
In the output of this command, you should see auth listed under IMAGE, and under STATUS it should indicate that the plugin is Up. For example:
CONTAINER ID   IMAGE                 COMMAND                  CREATED          STATUS                             PORTS                                           NAMES
00d929b2582b   auth                  "java -Dlog4j.config…"   11 seconds ago   Up 10 seconds                      0.0.0.0:11001->11001/tcp, :::11001->11001/tcp   auth
f80e23b27e2a   application_gateway   "/opt/cag"               11 seconds ago   Up 10 seconds (health: starting)                                                   cag
c8c16128644e   proxy                 "/opt/reverseProxy"      12 seconds ago   Up 11 seconds (health: starting)                                                   proxy
8c3d5cfeb3fd   connector_21          "/opt/entrypoint.sh …"   12 seconds ago   Up 12 seconds (health: starting)   127.0.0.1:10021->10021/tcp                      connector21
c8814bcadc3c   agent                 "/opt/agent"             13 seconds ago   Up 12 seconds (health: starting)   127.0.0.1:8080->8080/tcp                        agent
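The manual install and upgrade steps and the status check above can be scripted with two guards, shown here as an added example that is not part of Alation's documentation: one confirms that auth.tar.gz is a real gzip-compressed tar archive before it is handed to kratos (curl without --fail exits 0 on an HTTP error and saves the error body under the output name), the other polls docker ps until the auth container reports Up. The function names, the 180-second timeout and the 10-second interval are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pre-install and post-restart checks for the manual procedure.
# Function names, timeout and polling interval are assumptions, not Alation's.

# Succeeds only if FILE is a non-empty, intact gzip stream holding a readable
# tar archive. Rejects an HTML/JSON error body saved as auth.tar.gz.
check_archive() {
    local file=$1
    [ -s "$file" ] || return 1
    gzip -t "$file" 2>/dev/null || return 1
    tar -tzf "$file" >/dev/null 2>&1
}

# Reads "IMAGE|STATUS" lines on stdin, as produced by
#   sudo docker ps --format '{{.Image}}|{{.Status}}'
# and prints one of: up, starting, unhealthy, not-up, missing.
# The image name "auth" is taken from the sample output on this page.
auth_state() {
    awk -F'|' '
        $1 == "auth" {
            found = 1
            if ($2 !~ /^Up /)                 state = "not-up"
            else if ($2 ~ /\(unhealthy\)/)    state = "unhealthy"
            else if ($2 ~ /health: starting/) state = "starting"
            else                              state = "up"
        }
        END { print (found ? state : "missing") }'
}

# Polls docker until the auth container is up or TIMEOUT seconds have passed.
wait_for_auth() {
    local timeout=${1:-180} interval=${2:-10} waited=0 state
    while :; do
        state=$(sudo docker ps --format '{{.Image}}|{{.Status}}' | auth_state)
        [ "$state" = up ] && return 0
        if [ "$waited" -ge "$timeout" ]; then
            echo "auth container is '$state' after ${waited}s" >&2
            return 1
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
}

# Usage on the Agent host, wrapping the commands from this page:
#   check_archive ./auth.tar.gz && sudo kratos addons install auth ./auth.tar.gz
#   sudo systemctl restart hydra && wait_for_auth 180
```

A non-zero exit from wait_for_auth after the timeout means the container never reached Up; the state it prints (starting, unhealthy, not-up or missing) is the starting point for troubleshooting.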
Stop the Authentication Service Add-on
To stop the Authentication Service add-on, you must stop the entire Agent. See Start and Stop the Agent for more information.